CVE Vulnerabilities

CVE-2008-1154

Improper Authentication

Published: Apr 04, 2008 | Modified: Aug 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Emergency_responder Cisco 2.0 2.0
Mobility_manager Cisco 2.0 2.0
Unified_communications_manager Cisco 5.0 5.0
Unified_communications_manager Cisco 5.1 5.1
Unified_communications_manager Cisco 6.0 6.0
Unified_communications_manager Cisco 6.1 6.1
Unified_presence Cisco 1.0 1.0
Unified_presence Cisco 6.0 6.0

Potential Mitigations

References